byword.netlify.app

A Comparison of Cryptographic Algorithms:DES, 3DES, AES, RSA and Blowfish for GuessingAttacks Prevention

Mohammed Nazeh Abdul Wahid*, Abdulrahman Ali, Babak Esparham and Mohamed Marwan

Limkokwing University of Creative and Technology, Post Graduate Centre, Cyberjaya, Malaysia

*Corresponding author: Mohammed Nazeh Abdul Wahid, Senior Lecturer, Limkokwing university of creative technology, Post Graduate Centre,Cyberjaya, Malaysia, Tel: +60104339985; E-mail:@

Received: June 22, 2018; Accepted: July 12, 2018; Published: August 10, 2018

Citation: Nazeh Abdul Wahid MD, Ali A, Esparham B, Marwan MD (2018) A Comparison of Cryptographic Algorithms: DES, 3DES, AES, RSA and Blowfish for Guessing Attacks Prevention. J Comp Sci Appl Inform Technol. 3(2): 1-7. DOI: 10.15226/2474-9257/3/2/00132

Abstract

Encryption is the process of encoding information or data inorder to prevent unauthorized access. These days we need to securethe information that is stored in our computer or is transmitted viainternet against attacks. There are different types of cryptographicmethods that can be used. Basically, the selecting cryptographicmethod depends on the application demands such as the responsetime, bandwidth, confidentiality and integrity. However, each ofcryptographic algorithms has its own weak and strong points. In thispaper, we will present the result of the implementation and analysisthat applied on several cryptographic algorithms such as DES, 3DES,AES, RSA and blowfish. Also, we will show the comparisons betweenthe previous cryptographic techniques in terms of performances,weaknesses and strengths.
Keywords: Network security; Data encryption; Securecommunication; Attacks; Ciphertext;

In recent years, many applications based on internet aredeveloped such as on-line shopping, internet banking andelectronic bill payment etc. Such transactions, over wire orwireless public networks demand end-to-end secure connections,should be private, to ensure data authentication, accountabilityand privacy, integrity and availability, also known as CIA triad[25].
For this reason, the proposed algorithm has utilized FeistelCipher in safe wifi design (sWiFi). In addition, this system will useHash-based Message Authentication Code (HMAC) technology forauthentication purposes. Experimental tests have provided anevaluation of four encryption algorithms (AES, DES, 3DES, andBlowfish) compared to developed sWiFi systems [26].
Encryption is one of the principal means to guarantee securityof sensitive information. Encryption algorithm performs varioussubstitutions and transformations on the plaintext (originalmessage before encryption) and transforms it into ciphertext(scrambled message after encryption). Many encryptionalgorithms are widely available and used in information security.Encryption algorithms are classified into two groups: Symmetrickey(also called secret-key) and Asymmetric-key (called publickey)encryption [2].
A secure Wi-Fi system for wireless networks: experimentalevaluation is a network security system for an application usingthe proposed algorithm. As for some cryptographic system, itis commonly used to secure communication channels by usingpublic key exchanges based on algorithms such as RSA, DES, AES,Triple DES and Blowfish. From the key exchange, it depends onthe key used to encrypt data sent over an unsecured Internetchannel. In addition, the existing cryptographic algorithm relieson a data separation model designed by IBM’s Horst Feistel [27].
A secure data transmission feature of (CC) cloud computinghas plays a very important role in business perspective. Forutilizing cloud computing, business trends have to play a lot ofmoney to the cloud service provider. Cloud service provider alsohas guaranteed either the confidentiality or integrity of the data.This paper proposes an intensive study for the idea of sendingalready encrypted file through cloud in spite of the original fileusing RSA and DES algorithm of cryptography [4]. The aim is toprovide evidence of which of the encryption methods has morepowerful and effectiveness technique when encrypted file istransmitted, so original file is not available even at the network.So even if any intermediate user sees the data, he will not be ableto understand the data. That’s why confidentiality and integrityis maintained by this. Hence, security of cloud data will beincreased. This work can be enhanced using hybrid approach byintegrating multiple cryptography algorithms [28].

In this paper, the analysis has been done based on the followingmetrics: [1].
i- Encryption time: The time taken to convert plaintext tociphertext is encryption time. Encryption time depends uponkey size, plaintext block size and mode. In our experiment, wehave measured encryption time in milliseconds. Encryptiontime affects performance of the system [3]. Encryption timemust be less making the system fast and responsive.
ii- Decryption time: The time to recover plaintext from ciphertextis called decryption time. The decryption time is desired tobe less similar to encryption time to make system responsiveand fast. Decryption time affects performance of system.In our experiment, we have measured decryption time ismilliseconds.
iii- Memory used: Different encryption techniques requiredifferent memory size for implementation. This memoryrequirement depends on the number of operations to be doneby the algorithm, key size used, initialization vectors usedand type of operations. The memory used impacts cost of thesystem. It is desirable that the memory required should be assmall as possible.
iv- Avalanche effect: In cryptography, a property called diffusionreflects cryptographic strength of an algorithm. If there isa small change in an input, the output changes significantly.This is also called avalanche effect. We have measuredAvalanche effect using hamming distance. Hamming distancein information theory is measure of dissimilarity. We findhamming distance as sum of bit-by-bit xor considering ASCIIvalue, as it becomes easy to implement programmatically. Ahigh degree of diffusion i.e. high avalanche effect is desired.Avalanche effect reflects performance of cryptographicalgorithm.
v- Entropy: is the randomness collected by an application for usein cryptography that requires random data. A lack of entropycan have a negative impact on performance and security.
vi- Number of bits required for encoding optimally: the number ofbits required to encode an encrypted character should be less.Since, the encrypted bit will be transmitted over a networkafter encoding; this metric tells us the bandwidth required fortransmission. If an encrypted bit is encoded with fewer bits,it will consume lesser bandwidth and lesser storage as well.Hence, this impacts cost.

As we have mentioned that Encryption is the process ofencoding information or data in order to prevent unauthorizedaccess. There are different types of cryptographic methods thatcan be used. Each one of them serving different topology andall provide secure transmitted data through network links andensure authentication and confidentiality. All these end to endencryption and decryption algorithms have to be applied in thephysical layer and security layer of the computer application.At the same time a specific IP configurations are need to beconsidered as well as the protocol that will be used to transmitthe traffics. The diagram below showing us the cipher securityclasses which are subdivided into 2 models: classical and modernclass. The most common and used is the modern class due to thedynamic and static cryptography techniques that this techniquewas deployed with. It is known also by its types;
i. Secret Key (Symmetric Key) in a symmetric cryptosystem, thesame key is used for encryption and decryption [5,11].
ii. Public Key (Asymmetric Key) in an asymmetric, the encryptionand decryption keys are different but related. The encryptionkey is known as the public key and the decryption key is knownas the private key. The public and private keys are known as akey pair [5].
So, our focus point in this paper is on these two types withtheir classes to show the significance for each one of themthrough our literature and to prove which one is the best withwhat environment. (Figure 1)

Advance Encryption Standard (AES) algorithm was developed in1998 by Joan Daemen and Vincent Rijmen, which is a symmetrickey block cipher [7]. AES algorithm can support any combinationof data (128 bits) and key length of 128, 192, and 256 bits.The algorithm is referred to as AES-128, AES-192, or AES-256,depending on the key length. During encryption decryptionprocess, AES system goes through 10 rounds for I28-bit keys, 12rounds for I92-bit keys, and 14 rounds for 256-bit keys in orderto deliver final cipher-text or to retrieve the original plain-textAES allows a 128 bit data length that can be divided into fourbasic operational blocks. These blocks are treated as array ofbytes and organized as a matrix of the order of 4×4 that is calledthe state. For both encryption and decryption, the cipher beginswith adding Round Key stage [30]. However, before reaching thefinal round, this output goes through nine main rounds, duringeach of those rounds four transformations are performed; 1- Subbytes,2- Shift rows, 3- Mix-columns, 4- Add round Key. In thefinal (10th) round, there is no Mix-column transformation. Figureshows the overall process. Decryption is the reverse processof encryption and using inverse functions: Inverse SubstituteBytes, Inverse Shift Rows and Inverse Mix Columns. Each roundof AES is governed by the following transformations [12]: 3.4.1Substitute Byte transformation AES contains 128 bit data block,which means each of the data blocks has 16 bytes. In sub-bytetransformation, each byte (8-bit) of a data block is transformedinto another block using an 8-bit substitution box, which isknown as Rijndael Sbox [13]. (Figure 2)

Figure 2: AES (Advanced Encryption Standard) process

Data Encryption Standard (DES)

DES is one of the most widely accepted, publicly availablecryptographic systems. It was developed by IBM in the 1970sbut was later adopted by the National Institute of Standards andTechnology (NIST). The algorithm submitted to the NationalBureau of Standards (NBS) to propose a candidate for theprotection of sensitive unclassified electronic government data. Itis now taken as unsecured cause of its small size and a brute forceattack is possible in it. The key length is 56 bits and block size is64 bit length. It is vulnerable to key attack when a weak key isused. It began with a 64 bit key and then the NSA put a restrictionto use of DES with a 56- bit key length, hence DES discards 8 bitsof the 64 bit key and then uses the compressed 56 bit key derivedfrom 64 bits key to encrypt data in block size of 64bits.DES canoperate in different modes - CBC, ECB, CFB and OFB, making itflexible. It is vulnerable to key attack when a weak key is used.In January 1999 distributed net and the Electronic FrontierFoundation (EFF) collaborated to publicly break a DES key in 22hours and 15 minutes. The algorithm is believed to be practicallysecure in the form of Triple DES, although there are theoreticalattacks. In recent years, the cipher has been superseded by theAdvanced Encryption Standard (AES) [14-16].

RSA is founded in 1977 is a public key cryptosystem. RSA isan asymmetric cryptographic algorithm named after its foundersRivest, Shamir & Adelman [9,29]. It is one of the best-knownpublic key cryptosystems for key exchange or digital signatures orencryption of blocks of data. RSA uses a variable size encryptionblock and a variable size key. It is an asymmetric (public key)cryptosystem based on number theory, which is a block ciphersystem. It uses two prime numbers to generate the public andprivate keys size is 1024 to 4096 bits. These two different keysare used for encryption and decryption purpose. Sender encryptsthe message using Receiver public key and when the messagegets transmit to receiver, then receiver can decrypt it by usinghis own private key [20,21]. RSA operations can be decomposedin three broad steps; key generation, encryption and decryption.RSA have many flaws in its design therefore not preferred for thecommercial use. When the small values of p & q are selected forthe designing of key then the encryption process becomes tooweak and one can be able to decrypt the data by using randomprobability theory and side channel attacks. On the other hand, iflarge p & q lengths are selected then it consumes more time andthe performance is degraded in comparison with DES. Further,the algorithm also requires of similar lengths for p & q, practicallythis is very tough conditions to satisfy. Padding techniques arerequired in such cases increases the system’s overheads by takingmore processing time. Figure illustrates the sequence of eventsfollowed by RSA algorithm for the encryption of multiple blocks.Decrypt blocks of data consisting of 64 bits by using a 64-bit key[22]. (Figure 3)

Blowfish was first published in 1993 [6]. It is a symmetrickey block cipher with key length variable from 32 to 448 bitsand block size of 64 bits. Its structure is fiestal network. Blowfishis a symmetric block cipher that can be used as an informalreplacement for DES or IDEA. It takes a variable-length key,from 32 bits to 448 bits, making it ideal for both domestic andcommercial use [8]. Blowfish was designed by Bruce Schneier asa fast, free alternative to existing encryption algorithms. Fromthen, it has been analyzed considerably, and it is slowly gainingpopularity as a robust encryption algorithm. It suffers fromweak keys’ problem; no attack is known to be successful against.Blowfish is not patented, has free license and is freely availablefor all uses [24].

In this paper, the results are analyzed based on theimplementation that performed in [1,27].
i- Figure 4 shows that the blowfish algorithm records the fastestencryption time, and RSA algorithm records the slowestencryption time. Based on the encryption time we will selectthe blowfish technique for further evaluation.

Figure 4: Encryption time vs. File size for DES, 3DES, AES, Blowfish and RSA

ii- Figure 5 shows that the decryption time for all algorithmsis faster than the encryption time. Also, blowfish algorithmrecords the fastest decryption time and RSA algorithm recordsthe slowest decryption time. Based on the decryption timefeature we will select the blowfish technique to be consideredat the next evaluation level.

Figure 5: Decryption time vs. File size for DES, 3DES, AES, Blowfish andRSA

iii- Up next in the table 1 presents that memory used for unitoperations for all cryptographic techniques that we studied.Blowfish consumed less memory storage than other types,while RSA uses the highest memory.

Table 1: Comparison of memory used

iv- Figure 6 displays that AES manifests the highest avalancheeffect, whereas RSA manifests the least avalanche effect. Thishas turned the attention back to AES for further analysis andimprovements.
v- As the entropy test and final experiment. Table 2 shows thatblowfish records the highest average entropy per byte ofencryption. That should highlight the blowfish algorithmachievements for consideration of a new security aspect.

Figure 6: Decryption time vs. File size for DES, 3DES, AES, Blowfish andRSA

vi- Table 3 presents AES demands the highest number of bitsto be encoded optimally, whereas DES demands the lowestnumber of bits to be encoded optimally.

Table 3: Optimal encoding length

Conclusion

Each of cryptographic algorithms has weakness points andstrength points. We select the cryptographic algorithm basedon the demands of the application that will be used. From theexperiment results and the comparison, the blowfish algorithmis the perfect choice in case of time and memory according tothe criteria of guessing attacks and the required features, since itrecords the shortest time among all algorithms. Also, it consumesthe minimum memory storage. If confidentiality and integrity aremajor factors, AES algorithm can be selected. If the demand of theapplication is the network bandwidth, the DES is the best option.We can consider that blowfish and AES algorithms are used toprevent the application from guessing attacks and it can beapplied on top of all the internet protocols that are based on IPv4and IPv6 and the examinations recoded in this paper showingthat all the algorithms and the classes are functioned well withdifferent execution time and memory consumption.

ReferencesTop